diff options
| author | Derek McGowan <derek@mcgstyle.net> | 2016-07-13 13:30:24 -0700 |
|---|---|---|
| committer | Derek McGowan <derek@mcgstyle.net> | 2016-07-13 13:30:24 -0700 |
| commit | 19d48f0b8ba59eea9f2cac4ad1c7977712a6b7ac (patch) | |
| tree | 734158ca5c49fa54de719c35f9398de24bb2021a /registry/service.go | |
| parent | 1e0b7538fa2aba4aa252e423362171f1bbfa166c (diff) | |
| download | docker-19d48f0b8ba59eea9f2cac4ad1c7977712a6b7ac.tar.gz | |
Allow v1 search to use v2 auth with identity token
Updates the v1 search endpoint to also support v2 auth when an identity token is given.
Only search v1 endpoint is supported since there is not v2 search currently defined to replace it.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Diffstat (limited to 'registry/service.go')
| -rw-r--r-- | registry/service.go | 40 |
1 files changed, 37 insertions, 3 deletions
diff --git a/registry/service.go b/registry/service.go index 25b4990e80..dbc16284f0 100644 --- a/registry/service.go +++ b/registry/service.go @@ -10,6 +10,7 @@ import ( "golang.org/x/net/context" "github.com/Sirupsen/logrus" + "github.com/docker/distribution/registry/client/auth" "github.com/docker/docker/reference" "github.com/docker/engine-api/types" registrytypes "github.com/docker/engine-api/types/registry" @@ -132,11 +133,44 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut return nil, err } - r, err := NewSession(endpoint.client, authConfig, endpoint) - if err != nil { - return nil, err + var client *http.Client + if authConfig != nil && authConfig.IdentityToken != "" && authConfig.Username != "" { + creds := NewStaticCredentialStore(authConfig) + scopes := []auth.Scope{ + auth.RegistryScope{ + Name: "catalog", + Actions: []string{"search"}, + }, + } + + modifiers := DockerHeaders(userAgent, nil) + v2Client, foundV2, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes) + if err != nil { + if fErr, ok := err.(fallbackError); ok { + logrus.Errorf("Cannot use identity token for search, v2 auth not supported: %v", fErr.err) + } else { + return nil, err + } + } else if foundV2 { + // Copy non transport http client features + v2Client.Timeout = endpoint.client.Timeout + v2Client.CheckRedirect = endpoint.client.CheckRedirect + v2Client.Jar = endpoint.client.Jar + + logrus.Debugf("using v2 client for search to %s", endpoint.URL) + client = v2Client + } } + if client == nil { + client = endpoint.client + if err := authorizeClient(client, authConfig, endpoint); err != nil { + return nil, err + } + } + + r := newSession(client, authConfig, endpoint) + if index.Official { localName := remoteName if strings.HasPrefix(localName, "library/") { |